From 27a2d5a9cf4c0ebf10bd214e5bf960c9894187d7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Apr 2024 11:53:24 +0000 Subject: [PATCH 01/18] chore(deps-dev): bump @wordpress/block-editor from 12.21.0 to 12.23.0 Bumps [@wordpress/block-editor](https://github.com/WordPress/gutenberg/tree/HEAD/packages/block-editor) from 12.21.0 to 12.23.0. - [Release notes](https://github.com/WordPress/gutenberg/releases) - [Changelog](https://github.com/WordPress/gutenberg/blob/trunk/packages/block-editor/CHANGELOG.md) - [Commits](https://github.com/WordPress/gutenberg/commits/@wordpress/block-editor@12.23.0/packages/block-editor) --- updated-dependencies: - dependency-name: "@wordpress/block-editor" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package-lock.json | 276 +++++++++++++++++++--------------------------- package.json | 2 +- 2 files changed, 115 insertions(+), 163 deletions(-) diff --git a/package-lock.json b/package-lock.json index 44c04cfcd..fe5f8c40d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -36,7 +36,7 @@ "@types/wordpress__block-editor": "^11.5.9", "@types/wordpress__components": "^23.0.11", "@typescript-eslint/parser": "^7.2.0", - "@wordpress/block-editor": "^12.21.0", + "@wordpress/block-editor": "^12.23.0", "@wordpress/components": "^27.3.0", "@wordpress/compose": "^6.15.0", "@wordpress/data": "^9.22.0", 
@@ -6327,9 +6327,9 @@ } }, "node_modules/@wordpress/autop": { - "version": "3.53.0", - "resolved": "https://registry.npmjs.org/@wordpress/autop/-/autop-3.53.0.tgz", - "integrity": "sha512-t330lnDM8gb8G4U8Ky1qWvDxDsNn4FP+QVTrN72AAhjsz95VTQRsNY5xesedEN82e6FRdPIoeHyd/RuVqd6QTg==", + "version": "3.55.0", + "resolved": "https://registry.npmjs.org/@wordpress/autop/-/autop-3.55.0.tgz", + "integrity": "sha512-tZi3VrB8N2cPM2PSalhUV16qfF/eUu5uEW+zvNymahemE9uHu8/pMSZ3AWnXuBEv8GnZq0xAanj33zwIWpml3A==", "dev": true, "dependencies": { "@babel/runtime": "^7.16.0" @@ -6380,9 +6380,9 @@ "dev": true }, "node_modules/@wordpress/blob": { - "version": "3.53.0", - "resolved": "https://registry.npmjs.org/@wordpress/blob/-/blob-3.53.0.tgz", - "integrity": "sha512-fB1oXibUBfL2eTt303nbkbIJPP+SkKDGxEbYNIBrwaAoqp3oma7Q5uhguI8XFwKcdFw5I73U9bhlnnLMhK4FuA==", + "version": "3.55.0", + "resolved": "https://registry.npmjs.org/@wordpress/blob/-/blob-3.55.0.tgz", + "integrity": "sha512-S5PxZGaAyg8ebckTNB6IC1qjOHNev/RYQ1CwSXjT7hw6N4AtnkaNlm7GlHL8bM0xGw3B5/PD90LC3kL++sL6Kg==", "dev": true, "dependencies": { "@babel/runtime": "^7.16.0" 
@@ -6392,44 +6392,44 @@ } }, "node_modules/@wordpress/block-editor": { - "version": "12.21.0", - "resolved": "https://registry.npmjs.org/@wordpress/block-editor/-/block-editor-12.21.0.tgz", - "integrity": "sha512-B6c8YNWyv/zZPoEIo+Ks1W/RQQ9InUf99uZqlZSSevjDaKXZgFWWtecto60b8JQIqmpQJ32Y7LjdHcTMgAcFVQ==", + "version": "12.23.0", + "resolved": "https://registry.npmjs.org/@wordpress/block-editor/-/block-editor-12.23.0.tgz", + "integrity": "sha512-XF+GwD15qrkfNuvFXWx71vKEkdU9hGlm9dv8oek2LrkL/xmUITie2YIia+mWGnrVH+TP2C0nGj6LMHKHqOGmMw==", "dev": true, "dependencies": { "@babel/runtime": "^7.16.0", "@emotion/react": "^11.7.1", "@emotion/styled": "^11.6.0", "@react-spring/web": "^9.4.5", - "@wordpress/a11y": "^3.53.0", - "@wordpress/api-fetch": "^6.50.0", - "@wordpress/blob": "^3.53.0", - "@wordpress/blocks": "^12.30.0", - "@wordpress/commands": "^0.24.0", - "@wordpress/components": "^27.1.0", - "@wordpress/compose": "^6.30.0", - "@wordpress/data": "^9.23.0", - "@wordpress/date": "^4.53.0", - "@wordpress/deprecated": "^3.53.0", - "@wordpress/dom": "^3.53.0", - "@wordpress/element": "^5.30.0", - "@wordpress/escape-html": "^2.53.0", - "@wordpress/hooks": "^3.53.0", - "@wordpress/html-entities": "^3.53.0", - "@wordpress/i18n": "^4.53.0", - "@wordpress/icons": "^9.44.0", - "@wordpress/is-shallow-equal": "^4.53.0", - "@wordpress/keyboard-shortcuts": "^4.30.0", - "@wordpress/keycodes": "^3.53.0", - "@wordpress/notices": "^4.21.0", - "@wordpress/preferences": "^3.30.0", - "@wordpress/private-apis": "^0.35.0", - "@wordpress/rich-text": "^6.30.0", - "@wordpress/style-engine": "^1.36.0", - "@wordpress/token-list": "^2.53.0", - "@wordpress/url": "^3.54.0", - "@wordpress/warning": "^2.53.0", - "@wordpress/wordcount": "^3.53.0", + "@wordpress/a11y": "^3.55.0", + "@wordpress/api-fetch": "^6.52.0", + "@wordpress/blob": "^3.55.0", + "@wordpress/blocks": "^12.32.0", + "@wordpress/commands": "^0.26.0", + "@wordpress/components": "^27.3.0", + "@wordpress/compose": "^6.32.0", + 
"@wordpress/data": "^9.25.0", + "@wordpress/date": "^4.55.0", + "@wordpress/deprecated": "^3.55.0", + "@wordpress/dom": "^3.55.0", + "@wordpress/element": "^5.32.0", + "@wordpress/escape-html": "^2.55.0", + "@wordpress/hooks": "^3.55.0", + "@wordpress/html-entities": "^3.55.0", + "@wordpress/i18n": "^4.55.0", + "@wordpress/icons": "^9.46.0", + "@wordpress/is-shallow-equal": "^4.55.0", + "@wordpress/keyboard-shortcuts": "^4.32.0", + "@wordpress/keycodes": "^3.55.0", + "@wordpress/notices": "^4.23.0", + "@wordpress/preferences": "^3.32.0", + "@wordpress/private-apis": "^0.37.0", + "@wordpress/rich-text": "^6.32.0", + "@wordpress/style-engine": "^1.38.0", + "@wordpress/token-list": "^2.55.0", + "@wordpress/url": "^3.56.0", + "@wordpress/warning": "^2.55.0", + "@wordpress/wordcount": "^3.55.0", "change-case": "^4.1.2", "classnames": "^2.3.1", "colord": "^2.7.0", 
@@ -6453,22 +6453,10 @@ "react-dom": "^18.0.0" } }, - "node_modules/@wordpress/block-editor/node_modules/@wordpress/private-apis": { - "version": "0.35.0", - "resolved": "https://registry.npmjs.org/@wordpress/private-apis/-/private-apis-0.35.0.tgz", - "integrity": "sha512-ta+k1VfwFFj3+JjpANwhancgEZEznYOvdVcKeLAlhKbM10IwIX2jGqwTjHsoN+C4o/8eoLi4RgJgdDWHGXiGrw==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.16.0" - }, - "engines": { - "node": ">=12" - } - }, "node_modules/@wordpress/block-serialization-default-parser": { - "version": "4.53.0", - "resolved": "https://registry.npmjs.org/@wordpress/block-serialization-default-parser/-/block-serialization-default-parser-4.53.0.tgz", - "integrity": "sha512-EfLBKT6igcuS8NnnFM3IAIefJJm5ooR5M8+ZnsMYQLgCnpQ8fikCs2r2UwBXxQ8DqONmMrXnORAld2o8C21dxw==", + "version": "4.55.0", + "resolved": "https://registry.npmjs.org/@wordpress/block-serialization-default-parser/-/block-serialization-default-parser-4.55.0.tgz", + "integrity": "sha512-5CbUjxpt4YpCFHPwh4whJvt054wK+yYvhcxcKUPIF5Qa+pQF8BvaXy5ufEQ5C4FZiRlyJTRUKeDfUORzdLZmjQ==", "dev": true, "dependencies": { "@babel/runtime": "^7.16.0" 
@@ -6478,27 +6466,27 @@ } }, "node_modules/@wordpress/blocks": { - "version": "12.30.0", - "resolved": "https://registry.npmjs.org/@wordpress/blocks/-/blocks-12.30.0.tgz", - "integrity": "sha512-XBuT+I15TGA7B8AFE13W8CcXvfAIzu1w9V7NRKZZm8A7TCN4BTUSGUwufbd8Jw7qZ7yrh8+JwzHtBOL2GpBByw==", + "version": "12.32.0", + "resolved": "https://registry.npmjs.org/@wordpress/blocks/-/blocks-12.32.0.tgz", + "integrity": "sha512-y/an3WKp0YNxjsJCW2RJaiJqNg6UuOWr6DMXVaBEUrH10dY1TFsX39dU+aFD2oaaYbnUoqmN/4M4smCC3EQHYA==", "dev": true, "dependencies": { "@babel/runtime": "^7.16.0", - "@wordpress/autop": "^3.53.0", - "@wordpress/blob": "^3.53.0", - "@wordpress/block-serialization-default-parser": "^4.53.0", - "@wordpress/compose": "^6.30.0", - "@wordpress/data": "^9.23.0", - "@wordpress/deprecated": "^3.53.0", - "@wordpress/dom": "^3.53.0", - "@wordpress/element": "^5.30.0", - "@wordpress/hooks": "^3.53.0", - "@wordpress/html-entities": "^3.53.0", - "@wordpress/i18n": "^4.53.0", - "@wordpress/is-shallow-equal": "^4.53.0", - "@wordpress/private-apis": "^0.35.0", - "@wordpress/rich-text": "^6.30.0", - "@wordpress/shortcode": "^3.53.0", + "@wordpress/autop": "^3.55.0", + "@wordpress/blob": "^3.55.0", + "@wordpress/block-serialization-default-parser": "^4.55.0", + "@wordpress/compose": "^6.32.0", + "@wordpress/data": "^9.25.0", + "@wordpress/deprecated": "^3.55.0", + "@wordpress/dom": "^3.55.0", + "@wordpress/element": "^5.32.0", + "@wordpress/hooks": "^3.55.0", + "@wordpress/html-entities": "^3.55.0", + "@wordpress/i18n": "^4.55.0", + "@wordpress/is-shallow-equal": "^4.55.0", + "@wordpress/private-apis": "^0.37.0", + "@wordpress/rich-text": "^6.32.0", + "@wordpress/shortcode": "^3.55.0", "change-case": "^4.1.2", "colord": "^2.7.0", "fast-deep-equal": "^3.1.3", 
@@ -6519,18 +6507,6 @@ "react": "^18.0.0" } }, - "node_modules/@wordpress/blocks/node_modules/@wordpress/private-apis": { - "version": "0.35.0", - "resolved": "https://registry.npmjs.org/@wordpress/private-apis/-/private-apis-0.35.0.tgz", - "integrity": "sha512-ta+k1VfwFFj3+JjpANwhancgEZEznYOvdVcKeLAlhKbM10IwIX2jGqwTjHsoN+C4o/8eoLi4RgJgdDWHGXiGrw==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.16.0" - }, - "engines": { - "node": ">=12" - } - }, "node_modules/@wordpress/blocks/node_modules/react-is": { "version": "18.2.0", "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz", @@ -6547,19 +6523,19 @@ } }, "node_modules/@wordpress/commands": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@wordpress/commands/-/commands-0.24.0.tgz", - "integrity": "sha512-siX+ouT9yvcdVYMdSY3REs3Tmnnzkv4L/dBhgJBrjJeMqh8badHR/4yqGEprPxuoRrU+Or5pwQDgq+HsvlxiaA==", + "version": "0.26.0", + "resolved": "https://registry.npmjs.org/@wordpress/commands/-/commands-0.26.0.tgz", + "integrity": "sha512-ha5CzaCuE0X2//WveEiJqkxCq8epztQNuuD+23tW327BbOo4gn9Cd8V507gOYCWe7t5O6RKk/p8UytDApel/LQ==", "dev": true, "dependencies": { "@babel/runtime": "^7.16.0", - "@wordpress/components": "^27.1.0", - "@wordpress/data": "^9.23.0", - "@wordpress/element": "^5.30.0", - "@wordpress/i18n": "^4.53.0", - "@wordpress/icons": "^9.44.0", - "@wordpress/keyboard-shortcuts": "^4.30.0", - "@wordpress/private-apis": "^0.35.0", + "@wordpress/components": "^27.3.0", + "@wordpress/data": "^9.25.0", + "@wordpress/element": "^5.32.0", + "@wordpress/i18n": "^4.55.0", + "@wordpress/icons": "^9.46.0", + "@wordpress/keyboard-shortcuts": "^4.32.0", + "@wordpress/private-apis": "^0.37.0", "classnames": "^2.3.1", "cmdk": "^0.2.0", "rememo": "^4.0.2" 
@@ -6572,18 +6548,6 @@ "react-dom": "^18.0.0" } }, - "node_modules/@wordpress/commands/node_modules/@wordpress/private-apis": { - "version": "0.35.0", - "resolved": "https://registry.npmjs.org/@wordpress/private-apis/-/private-apis-0.35.0.tgz", - "integrity": "sha512-ta+k1VfwFFj3+JjpANwhancgEZEznYOvdVcKeLAlhKbM10IwIX2jGqwTjHsoN+C4o/8eoLi4RgJgdDWHGXiGrw==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.16.0" - }, - "engines": { - "node": ">=12" - } - }, "node_modules/@wordpress/components": { "version": "27.3.0", "resolved": "https://registry.npmjs.org/@wordpress/components/-/components-27.3.0.tgz", @@ -7421,15 +7385,15 @@ } }, "node_modules/@wordpress/keyboard-shortcuts": { - "version": "4.30.0", - "resolved": "https://registry.npmjs.org/@wordpress/keyboard-shortcuts/-/keyboard-shortcuts-4.30.0.tgz", - "integrity": "sha512-ICEFcw6p/uuXMddnDqMglR74p/uAUX1Rr4RM1BoZ7BqmopPTey4hQz8bT/FfogBpjl0QulD7D6rh19aiZ/ppfQ==", + "version": "4.32.0", + "resolved": "https://registry.npmjs.org/@wordpress/keyboard-shortcuts/-/keyboard-shortcuts-4.32.0.tgz", + "integrity": "sha512-llaTbIOx1MCuWDMIErY8MrNeonRdQXjfS6AacgZJkeU8os7eIgMtFZs4A7ec5wT+pfJMUcg7HiezEm/ZBSwfHQ==", "dev": true, "dependencies": { "@babel/runtime": "^7.16.0", - "@wordpress/data": "^9.23.0", - "@wordpress/element": "^5.30.0", - "@wordpress/keycodes": "^3.53.0", + "@wordpress/data": "^9.25.0", + "@wordpress/element": "^5.32.0", + "@wordpress/keycodes": "^3.55.0", "rememo": "^4.0.2" }, "engines": { 
@@ -7453,14 +7417,14 @@ } }, "node_modules/@wordpress/notices": { - "version": "4.21.0", - "resolved": "https://registry.npmjs.org/@wordpress/notices/-/notices-4.21.0.tgz", - "integrity": "sha512-clyPRDhVbG7g1n1JDLLOimfBi5e6b9EekZv/P9amxCQxAvFquwDoAvQtUbuz6unF8sFLRtvLO5LnNqGwEnL/eg==", + "version": "4.23.0", + "resolved": "https://registry.npmjs.org/@wordpress/notices/-/notices-4.23.0.tgz", + "integrity": "sha512-EHhxq2/gNw1CV3Wp7KjFNoJ9KyTDeD72Akf7p3P+cv7iHBqCkx25XbIY59or+7/j9x1Fci/tLpTMFZeKQN80Mg==", "dev": true, "dependencies": { "@babel/runtime": "^7.16.0", - "@wordpress/a11y": "^3.53.0", - "@wordpress/data": "^9.23.0" + "@wordpress/a11y": "^3.55.0", + "@wordpress/data": "^9.25.0" }, "engines": { "node": ">=12" @@ -7498,21 +7462,21 @@ } }, "node_modules/@wordpress/preferences": { - "version": "3.30.0", - "resolved": "https://registry.npmjs.org/@wordpress/preferences/-/preferences-3.30.0.tgz", - "integrity": "sha512-8GfcEWerwliMTs/hpKbYHxF0SnH/ghbpyUHk13hdZsJwIYFN/DGS9KPbeQmoMdJIOS5YUxhQ1dXCxJIjBmpSlA==", + "version": "3.32.0", + "resolved": "https://registry.npmjs.org/@wordpress/preferences/-/preferences-3.32.0.tgz", + "integrity": "sha512-yjAP5nFt58vLlFfltB3sJKjLmSkdIj7pJt/Qh6nKmTTdckQ+PumKi2e8aASI/rIsr6IR4CN/wwc7glKB1cypdg==", "dev": true, "dependencies": { "@babel/runtime": "^7.16.0", - "@wordpress/a11y": "^3.53.0", - "@wordpress/components": "^27.1.0", - "@wordpress/compose": "^6.30.0", - "@wordpress/data": "^9.23.0", - "@wordpress/deprecated": "^3.53.0", - "@wordpress/element": "^5.30.0", - "@wordpress/i18n": "^4.53.0", - "@wordpress/icons": "^9.44.0", - "@wordpress/private-apis": "^0.35.0", + "@wordpress/a11y": "^3.55.0", + "@wordpress/components": "^27.3.0", + "@wordpress/compose": "^6.32.0", + "@wordpress/data": "^9.25.0", + "@wordpress/deprecated": "^3.55.0", + "@wordpress/element": "^5.32.0", + "@wordpress/i18n": "^4.55.0", + "@wordpress/icons": "^9.46.0", + "@wordpress/private-apis": "^0.37.0", "classnames": "^2.3.1" }, "engines": { 
@@ -7523,18 +7487,6 @@ "react-dom": "^18.0.0" } }, - "node_modules/@wordpress/preferences/node_modules/@wordpress/private-apis": { - "version": "0.35.0", - "resolved": "https://registry.npmjs.org/@wordpress/private-apis/-/private-apis-0.35.0.tgz", - "integrity": "sha512-ta+k1VfwFFj3+JjpANwhancgEZEznYOvdVcKeLAlhKbM10IwIX2jGqwTjHsoN+C4o/8eoLi4RgJgdDWHGXiGrw==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.16.0" - }, - "engines": { - "node": ">=12" - } - }, "node_modules/@wordpress/prettier-config": { "version": "3.12.0", "resolved": "https://registry.npmjs.org/@wordpress/prettier-config/-/prettier-config-3.12.0.tgz", @@ -7865,9 +7817,9 @@ } }, "node_modules/@wordpress/shortcode": { - "version": "3.53.0", - "resolved": "https://registry.npmjs.org/@wordpress/shortcode/-/shortcode-3.53.0.tgz", - "integrity": "sha512-ste35FEC3wKUmGpPCh0UaujAKUFSamcI2NEW7H+j+ODX8tgsa2fuLX4wtxPenrkoDlCblZVW4Q2tIIgBmex6XA==", + "version": "3.55.0", + "resolved": "https://registry.npmjs.org/@wordpress/shortcode/-/shortcode-3.55.0.tgz", + "integrity": "sha512-vhOfWdovDTC26Re1QlGHhlxtu6IxbDbDsXHQhV4oJCYDubdcKQEeL/Ne6Elsz4UonhrO7qaFnjR6sav99fHf7Q==", "dev": true, "dependencies": { "@babel/runtime": "^7.16.0", @@ -7878,9 +7830,9 @@ } }, "node_modules/@wordpress/style-engine": { - "version": "1.36.0", - "resolved": "https://registry.npmjs.org/@wordpress/style-engine/-/style-engine-1.36.0.tgz", - "integrity": "sha512-6ANXOxOinWxMssdlhvlGoaI25okwLEx2SC6r+/JH6I7HYlnk/TSSgkpxz9t/b/sGOKrG46KzzXZT2XVb+4pDCQ==", + "version": "1.38.0", + "resolved": "https://registry.npmjs.org/@wordpress/style-engine/-/style-engine-1.38.0.tgz", + "integrity": "sha512-BncT4MrZNzNEOghNd2JInbU7MoTokSHQBVlQlzLTa3ZLlJ/Mbp5ZswGAFlbRviBIkp4RMgNKagBczRBjkbF4Pg==", "dev": true, "dependencies": { "@babel/runtime": "^7.16.0", 
@@ -7907,9 +7859,9 @@ } }, "node_modules/@wordpress/token-list": { - "version": "2.53.0", - "resolved": "https://registry.npmjs.org/@wordpress/token-list/-/token-list-2.53.0.tgz", - "integrity": "sha512-SI6/UD8USz6USJUoF9r70/lMtp24tb9qjWCMqJp1vvtFcKgNpqHZ63SXnfE3FlYUt/Y6UurPbbsnXw6FhFEfdw==", + "version": "2.55.0", + "resolved": "https://registry.npmjs.org/@wordpress/token-list/-/token-list-2.55.0.tgz", + "integrity": "sha512-bV5Zm6fZzP5FviL9GJyV2zEYb2d/rHUjlOG+X3Ul8Si6YFfZHymIJcWqQamTgLJV78nmg4av0lVtYQIA4GCh+Q==", "dev": true, "dependencies": { "@babel/runtime": "^7.16.0" @@ -7954,9 +7906,9 @@ } }, "node_modules/@wordpress/wordcount": { - "version": "3.53.0", - "resolved": "https://registry.npmjs.org/@wordpress/wordcount/-/wordcount-3.53.0.tgz", - "integrity": "sha512-pzx1VojKb/yh/J+GOb8+QF3UwlXuIaSXG5wurABxXPBZVk8UBmZotiEvQOZRJW1J6wn8Kta6eiwn34imR4la9A==", + "version": "3.55.0", + "resolved": "https://registry.npmjs.org/@wordpress/wordcount/-/wordcount-3.55.0.tgz", + "integrity": "sha512-Ux2amXybBFDZMz/IaJ2IbHjU8Jf/fmAbr19CFiUooVVyoenfNSE4Tw5ZVD0uKttHWbigF5Fw+CetHrA1Bz/W9w==", "dev": true, "dependencies": { "@babel/runtime": "^7.16.0" @@ -8321,9 +8273,9 @@ "dev": true }, "node_modules/aria-hidden": { - "version": "1.2.3", - "resolved": "https://registry.npmjs.org/aria-hidden/-/aria-hidden-1.2.3.tgz", - "integrity": "sha512-xcLxITLe2HYa1cnYnwCjkOO1PqUHQpozB8x9AR0OgWN2woOBi5kSDVxKfd0b7sb1hw5qFeJhXm9H1nu3xSfLeQ==", + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/aria-hidden/-/aria-hidden-1.2.4.tgz", + "integrity": "sha512-y+CcFFwelSXpLZk/7fMB2mUbGtX9lKycf1MWJ7CaTIERyitVlyQx6C+sxcROU2BAJ24OiZyK+8wj2i8AlBoS3A==", "dev": true, "dependencies": { "tslib": "^2.0.0" 
@@ -25689,9 +25641,9 @@ } }, "node_modules/react-remove-scroll-bar": { - "version": "2.3.5", - "resolved": "https://registry.npmjs.org/react-remove-scroll-bar/-/react-remove-scroll-bar-2.3.5.tgz", - "integrity": "sha512-3cqjOqg6s0XbOjWvmasmqHch+RLxIEk2r/70rzGXuz3iIGQsQheEQyqYCBb5EECoD01Vo2SIbDqW4paLeLTASw==", + "version": "2.3.6", + "resolved": "https://registry.npmjs.org/react-remove-scroll-bar/-/react-remove-scroll-bar-2.3.6.tgz", + "integrity": "sha512-DtSYaao4mBmX+HDo5YWYdBWQwYIQQshUV/dVxFxK+KM26Wjwp1gZ6rv6OC3oujI6Bfu6Xyg3TwK533AQutsn/g==", "dev": true, "dependencies": { "react-style-singleton": "^2.2.1", @@ -30061,9 +30013,9 @@ } }, "node_modules/use-callback-ref": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/use-callback-ref/-/use-callback-ref-1.3.1.tgz", - "integrity": "sha512-Lg4Vx1XZQauB42Hw3kK7JM6yjVjgFmFC5/Ab797s79aARomD2nEErc4mCgM8EZrARLmmbWpi5DGCadmK50DcAQ==", + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/use-callback-ref/-/use-callback-ref-1.3.2.tgz", + "integrity": "sha512-elOQwe6Q8gqZgDA8mrh44qRTQqpIHDcZ3hXTLjBe1i4ph8XpNJnO+aQf3NaG+lriLopI4HMx9VjQLfPQ6vhnoA==", "dev": true, "dependencies": { "tslib": "^2.0.0" diff --git a/package.json b/package.json index 9442c175a..684e35ed6 100644 --- a/package.json +++ b/package.json @@ -90,7 +90,7 @@ "@types/wordpress__block-editor": "^11.5.9", "@types/wordpress__components": "^23.0.11", "@typescript-eslint/parser": "^7.2.0", - "@wordpress/block-editor": "^12.21.0", + "@wordpress/block-editor": "^12.23.0", "@wordpress/components": "^27.3.0", "@wordpress/compose": "^6.15.0", "@wordpress/data": "^9.22.0", From 9fb84b0250fd14b635837912a26747a64399d7eb Mon Sep 17 00:00:00 2001 
From: Bogdan Preda Date: Tue, 9 Apr 2024 13:39:06 +0300 Subject: [PATCH 02/18] fix: improve block sanitization --- .phpunit.result.cache | 2 +- inc/render/class-posts-grid-block.php | 2 +- tests/bootstrap.php | 19 +++-- tests/test-post-grid-block.php | 102 ++++++++++++++++++++++++++ 4 files changed, 118 insertions(+), 7 deletions(-) create mode 100644 tests/test-post-grid-block.php diff --git a/.phpunit.result.cache b/.phpunit.result.cache index 7480da8ec..1347ab99b 100644 --- a/.phpunit.result.cache +++ b/.phpunit.result.cache 
@@ -1 +1 @@ -{"version":1,"defects":{"TestBlockConditions::test_hide_css_desktop_condition":3},"times":{"TestBlockConditions::test_logged_in_user_on_login":0.034,"TestBlockConditions::test_logged_in_user_on_logout":0.023,"TestBlockConditions::test_logged_out_user_on_login":0.028,"TestBlockConditions::test_logged_out_user_on_logout":0.028,"TestBlockConditions::test_user_roles_has_role":0.028,"TestBlockConditions::test_user_roles_does_not_have_role":0.028,"TestBlockConditions::test_post_type":0.028,"TestBlockConditions::test_post_type_on_invalid":0.028,"TestBlockConditions::test_post_category":0.028,"TestBlockConditions::test_post_category_on_invalid":0.028,"TestBlockConditions::test_logged_in_user_meta":0.028,"TestBlockConditions::test_logged_in_user_meta_invalid":0.03,"TestBlockConditions::test_post_meta":0.029,"TestBlockConditions::test_post_meta_invalid":0.029,"TestBlockConditions::test_date_range":0.029,"TestBlockConditions::test_date_range_invalid":0.029,"TestBlockConditions::test_date_recurring":0.029,"TestBlockConditions::test_multiple_conditions":0.03,"TestBlockConditions::test_multiple_conditions__with_one_invalid":0.029,"TestBlockConditions::test_multiple_conditions_with_all_invalid":0.029,"TestBlockConditions::test_or_collection":0.029,"TestBlockConditions::test_or_collection_invalid":0.03,"TestBlockConditions::test_hide_css_desktop_condition":0.03,"TestCSS::test_css_simple":0,"TestCSS::test_css_defaults":0,"TestCSS::test_css_format":0,"TestCSS::test_css_condition":0.002,"TestCSS::test_css_pattern":0,"TestCSS::test_render_box":0,"TestDynamicContent::test_post_id":0.029,"TestDynamicContent::test_post_type":0.026,"TestDynamicContent::test_post_title":0.025,"TestDynamicContent::test_post_status":0.028,"TestDynamicContent::test_post_content":0.028,"TestDynamicContent::test_post_excerpt":0.028,"TestDynamicContent::test_post_date":0.032,"TestDynamicContent::test_post_time":0.032,"TestDynamicContent::test_post_terms":0.028,"TestDynamicContent::test_post_meta":0.0
29,"TestDynamicContent::test_acf":0.028,"TestDynamicContent::test_site_title":0.028,"TestDynamicContent::test_site_tagline":0.029,"TestDynamicContent::test_author_name":0.028,"TestDynamicContent::test_author_description":0.029,"TestDynamicContent::test_author_meta":0.028,"TestDynamicContent::test_logged_in_user_name":0.029,"TestDynamicContent::test_logged_in_user_description":0.028,"TestDynamicContent::test_logged_in_user_email":0.028,"TestDynamicContent::test_logged_in_user_meta":0.028,"TestDynamicContent::test_archive_title":0.028,"TestDynamicContent::test_archive_description":0.029,"TestDynamicContent::test_date":0.028,"TestDynamicContent::test_time":0.028,"TestDynamicContent::test_query_string":0.028,"TestDynamicContent::test_country":0.028,"TestDynamicContent::test_post_id_evaluation":0.028,"TestDynamicContent::test_post_type_evaluation":0.029,"TestDynamicContent::test_post_title_evaluation":0.03,"TestDynamicContent::test_post_status_evaluation":0.035,"TestDynamicContent::test_post_content_evaluation":0.033,"TestDynamicContent::test_post_excerpt_evaluation":0.029,"TestDynamicContent::test_logged_in_user_name_evaluation":0.028,"TestDynamicContent::test_logged_in_user_description_evaluation":0.027,"TestDynamicContent::test_logged_in_user_email_evaluation":0.029,"TestDynamicContent::test_date_evaluation":0.028,"TestDynamicContent::test_time_evaluation":0.027,"TestDynamicContent::test_author_name_evaluation":0.028,"TestDynamicContent::test_author_description_evaluation":0.029,"TestDynamicContent::test_multiple_dynamic_content_queries":0.03,"TestDynamicContent::test_multiple_dynamic_content_queries_on_long_content":0.05,"TestPatterns::test_fetch_patterns":0.475,"TestStripeAPI::test_retrieve_products":0.053,"TestStripeAPI::test_retrieve_prices":0.002,"TestStripeAPI::test_retrieve_product":0.001,"TestStripeAPI::test_retrieve_price":0.001,"TestStripeAPI::test_retrieve_session_email":0.001,"TestStripeAPI::test_user_purchase":0.001,"TestStripeAPI::test_status_for_price_i
d":0.001,"TestBlockConditions::test_hide_css_tablet_condition":0.028,"TestBlockConditions::test_hide_css_mobile_condition":0.029,"TestBlockConditions::test_hide_css_all_condition":0.028,"TestBlockConditions::test_get_css_hide_condition":0.03,"TestBlockConditions::test_get_css_hide_condition_no_hide":0.028}} \ No newline at end of file +{"version":1,"defects":{"TestBlockConditions::test_hide_css_desktop_condition":3,"TestPatterns::test_fetch_patterns":4,"TestPostGridBlock::test_render_sanitization":4,"TestStripeAPI::test_retrieve_products":4,"TestStripeAPI::test_retrieve_prices":4,"TestStripeAPI::test_retrieve_product":4,"TestStripeAPI::test_retrieve_price":4,"TestStripeAPI::test_retrieve_session_email":4,"TestStripeAPI::test_user_purchase":4,"TestStripeAPI::test_status_for_price_id":4,"Test_PostGridBlock::test_render_sanitization":4},"times":{"TestBlockConditions::test_logged_in_user_on_login":0.042,"TestBlockConditions::test_logged_in_user_on_logout":0.026,"TestBlockConditions::test_logged_out_user_on_login":0.041,"TestBlockConditions::test_logged_out_user_on_logout":0.045,"TestBlockConditions::test_user_roles_has_role":0.036,"TestBlockConditions::test_user_roles_does_not_have_role":0.036,"TestBlockConditions::test_post_type":0.039,"TestBlockConditions::test_post_type_on_invalid":0.041,"TestBlockConditions::test_post_category":0.035,"TestBlockConditions::test_post_category_on_invalid":0.028,"TestBlockConditions::test_logged_in_user_meta":0.027,"TestBlockConditions::test_logged_in_user_meta_invalid":0.031,"TestBlockConditions::test_post_meta":0.028,"TestBlockConditions::test_post_meta_invalid":0.03,"TestBlockConditions::test_date_range":0.028,"TestBlockConditions::test_date_range_invalid":0.029,"TestBlockConditions::test_date_recurring":0.026,"TestBlockConditions::test_multiple_conditions":0.028,"TestBlockConditions::test_multiple_conditions__with_one_invalid":0.032,"TestBlockConditions::test_multiple_conditions_with_all_invalid":0.033,"TestBlockConditions::test_or_
collection":0.029,"TestBlockConditions::test_or_collection_invalid":0.032,"TestBlockConditions::test_hide_css_desktop_condition":0.039,"TestCSS::test_css_simple":0.001,"TestCSS::test_css_defaults":0,"TestCSS::test_css_format":0,"TestCSS::test_css_condition":0.002,"TestCSS::test_css_pattern":0,"TestCSS::test_render_box":0,"TestDynamicContent::test_post_id":0.028,"TestDynamicContent::test_post_type":0.035,"TestDynamicContent::test_post_title":0.032,"TestDynamicContent::test_post_status":0.031,"TestDynamicContent::test_post_content":0.033,"TestDynamicContent::test_post_excerpt":0.035,"TestDynamicContent::test_post_date":0.024,"TestDynamicContent::test_post_time":0.037,"TestDynamicContent::test_post_terms":0.037,"TestDynamicContent::test_post_meta":0.037,"TestDynamicContent::test_acf":0.032,"TestDynamicContent::test_site_title":0.032,"TestDynamicContent::test_site_tagline":0.031,"TestDynamicContent::test_author_name":0.034,"TestDynamicContent::test_author_description":0.03,"TestDynamicContent::test_author_meta":0.035,"TestDynamicContent::test_logged_in_user_name":0.037,"TestDynamicContent::test_logged_in_user_description":0.037,"TestDynamicContent::test_logged_in_user_email":0.034,"TestDynamicContent::test_logged_in_user_meta":0.036,"TestDynamicContent::test_archive_title":0.041,"TestDynamicContent::test_archive_description":0.029,"TestDynamicContent::test_date":0.039,"TestDynamicContent::test_time":0.042,"TestDynamicContent::test_query_string":0.036,"TestDynamicContent::test_country":0.036,"TestDynamicContent::test_post_id_evaluation":0.034,"TestDynamicContent::test_post_type_evaluation":0.037,"TestDynamicContent::test_post_title_evaluation":0.037,"TestDynamicContent::test_post_status_evaluation":0.037,"TestDynamicContent::test_post_content_evaluation":0.044,"TestDynamicContent::test_post_excerpt_evaluation":0.037,"TestDynamicContent::test_logged_in_user_name_evaluation":0.037,"TestDynamicContent::test_logged_in_user_description_evaluation":0.037,"TestDynamicContent::t
est_logged_in_user_email_evaluation":0.034,"TestDynamicContent::test_date_evaluation":0.033,"TestDynamicContent::test_time_evaluation":0.034,"TestDynamicContent::test_author_name_evaluation":0.037,"TestDynamicContent::test_author_description_evaluation":0.033,"TestDynamicContent::test_multiple_dynamic_content_queries":0.033,"TestDynamicContent::test_multiple_dynamic_content_queries_on_long_content":0.063,"TestPatterns::test_fetch_patterns":0.002,"TestStripeAPI::test_retrieve_products":0.06,"TestStripeAPI::test_retrieve_prices":0.003,"TestStripeAPI::test_retrieve_product":0.001,"TestStripeAPI::test_retrieve_price":0.002,"TestStripeAPI::test_retrieve_session_email":0.003,"TestStripeAPI::test_user_purchase":0.003,"TestStripeAPI::test_status_for_price_id":0.002,"TestBlockConditions::test_hide_css_tablet_condition":0.036,"TestBlockConditions::test_hide_css_mobile_condition":0.031,"TestBlockConditions::test_hide_css_all_condition":0.033,"TestBlockConditions::test_get_css_hide_condition":0.033,"TestBlockConditions::test_get_css_hide_condition_no_hide":0.031,"TestBlockConditions::test_load_condition_hide_on_styles":0.033,"TestPostGridBlock::test_render_sanitization":0.001,"Test_PostGridBlock::test_render_sanitization":0.011,"Test_Post_Grid_Block::test_render_sanitization":0.002}} \ No newline at end of file diff --git a/inc/render/class-posts-grid-block.php b/inc/render/class-posts-grid-block.php index 1a525f53f..e6b2eacd0 100644 --- a/inc/render/class-posts-grid-block.php +++ b/inc/render/class-posts-grid-block.php @@ -117,7 +117,7 @@ function ( $x ) use ( $sticky_posts_id ) { $block_content = sprintf( '
%3$s
%5$s
%6$s
', $wrapper_attributes, - isset( $attributes['id'] ) ? $attributes['id'] : '', + isset( $attributes['id'] ) ? esc_attr( $attributes['id'] ) : '', isset( $attributes['enableFeaturedPost'] ) && $attributes['enableFeaturedPost'] && isset( $recent_posts[0] ) ? $this->render_featured_post( $recent_posts[0], $attributes ) : '', esc_attr( trim( $class ) ), $list_items_markup, diff --git a/tests/bootstrap.php b/tests/bootstrap.php index 96ff47338..b7dd3b58d 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php @@ -18,6 +18,14 @@ // Give access to tests_add_filter() function. require_once $_tests_dir . '/includes/functions.php'; +function _manually_load_plugin() { + require dirname( dirname( __FILE__ ) ) . '/otter-blocks.php'; +} + +tests_add_filter( 'muplugins_loaded', '_manually_load_plugin' ); + +require_once dirname( dirname( __FILE__ ) ) . '/vendor/autoload.php'; + // Start up the WP testing environment. require $_tests_dir . '/includes/bootstrap.php'; 
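Review bot: `esc_attr()` on `$attributes['id']` neutralizes the quote breakout the new test exercises, but it encodes rather than validates: whitespace and other characters that are not legal in an HTML id still reach the markup. Since the id is a block-generated `wp-block-themeisle-blocks-posts-grid-<hash>` token, restricting it to that character set before escaping is the stronger check: `isset( $attributes['id'] ) ? esc_attr( sanitize_html_class( $attributes['id'] ) ) : '',`. The other `sprintf` arguments (`$wrapper_attributes`, the `render_featured_post()` output, `$list_items_markup`) are built outside this hunk, so their escaping cannot be confirmed here. The enclosing method (presumably `render()`, per the new test) starts and ends outside the hunk.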
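Review bot: `_manually_load_plugin()` is added without a docblock, and the plain `require` inside it would fatal on redeclaration if the plugin file is ever pulled in a second time by another path; `require_once` is the safer form. Suggested: `/** Load the plugin under test once mu-plugins are loaded. */` above the function and `require_once dirname( dirname( __FILE__ ) ) . '/otter-blocks.php';` inside it. The unconditional `require_once ... '/vendor/autoload.php'` also fails with a bare fatal when Composer dependencies are missing; a `file_exists()` guard with an explicit message would make that failure mode obvious to whoever runs the suite.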
@@ -26,12 +34,13 @@ } require dirname( dirname( __FILE__ ) ) . '/tests/stripe-http-client-mock.php'; -require dirname( dirname( __FILE__ ) ) . '/inc/css/class-css-utility.php'; -require dirname( dirname( __FILE__ ) ) . '/inc/plugins/class-block-conditions.php'; -require dirname( dirname( __FILE__ ) ) . '/inc/plugins/class-dynamic-content.php'; -require dirname( dirname( __FILE__ ) ) . '/plugins/otter-pro/inc/plugins/class-block-conditions.php'; -require dirname( dirname( __FILE__ ) ) . '/plugins/otter-pro/inc/plugins/class-dynamic-content.php'; +//require dirname( dirname( __FILE__ ) ) . '/inc/css/class-css-utility.php'; +//require dirname( dirname( __FILE__ ) ) . '/inc/plugins/class-block-conditions.php'; +//require dirname( dirname( __FILE__ ) ) . '/inc/plugins/class-dynamic-content.php'; +//require dirname( dirname( __FILE__ ) ) . '/plugins/otter-pro/inc/plugins/class-block-conditions.php'; +//require dirname( dirname( __FILE__ ) ) . '/plugins/otter-pro/inc/plugins/class-dynamic-content.php'; +activate_plugin( 'otter-blocks/otter-blocks.php' ); global $current_user; $current_user = new WP_User( 1 ); $current_user->set_role( 'administrator' ); diff --git a/tests/test-post-grid-block.php b/tests/test-post-grid-block.php new file mode 100644 index 000000000..abfacf204 --- /dev/null +++ b/tests/test-post-grid-block.php 
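Review bot: The return value of `activate_plugin( 'otter-blocks/otter-blocks.php' )` is ignored, so a failed activation (it returns a `WP_Error` when the plugin file is invalid or activation fails) lets the suite continue against an unloaded plugin and every block test then fails with a misleading message. Check it at the call site: `$activated = activate_plugin( 'otter-blocks/otter-blocks.php' );` followed by `if ( is_wp_error( $activated ) ) { die( $activated->get_error_message() ); }`. The five `require` lines are commented out rather than removed; they are superseded by loading the whole plugin, so deleting them keeps the bootstrap readable and leaves the history to git.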
@@ -0,0 +1,102 @@ + 'wp-block-themeisle-blocks-posts-grid-a94bab18', + 'columns' => 2, + 'className' => '', + 'style' => 'grid', + 'postTypes' => array(), + 'template' => array( + 0 => 'category', + 1 => 'title', + 2 => 'meta', + 3 => 'description', + ), + 'postsToShow' => 5, + 'order' => 'desc', + 'orderBy' => 'date', + 'offset' => 0, + 'imageSize' => 'full', + 'displayFeaturedImage' => true, + 'displayCategory' => true, + 'displayTitle' => true, + 'titleTag' => 'h5', + 'displayMeta' => true, + 'displayDescription' => true, + 'excerptLength' => 100, + 'displayDate' => true, + 'displayUpdatedDate' => false, + 'displayAuthor' => true, + 'displayComments' => true, + 'displayPostCategory' => false, + 'displayReadMoreLink' => false, + 'cropImage' => false, + 'boxShadow' => array( + 'active' => false, + 'colorOpacity' => 50, + 'blur' => 5, + 'spread' => 1, + 'horizontal' => 0, + 'vertical' => 0, + ), + 'imageBoxShadow' => array( + 'active' => false, + 'colorOpacity' => 50, + 'blur' => 5, + 'spread' => 1, + 'horizontal' => 0, + 'vertical' => 0, + ), + 'hasPagination' => false, + 'hasCustomCSS' => false, + 'customCSS' => '', + 'otterConditions' => array(), + ); + + /** + * Test the fetching of patterns. + */ + public function test_render_sanitization() { + $this->post_grid_block = new Posts_Grid_Block(); + WP_Block_Supports::init(); + WP_Block_Supports::$block_to_render = array( 'blockName' => 'themeisle-blocks/posts-grid' ); + + $base_attributes = $this->attributes; + + $output = $this->post_grid_block->render( $base_attributes ); + $expected = '
'; + $this->assertEquals( $expected, $output ); + + $malformed_attributes = $base_attributes; + $malformed_attributes['id'] = 'wp-block-themeisle-blocks-posts-grid-12345\\"onmouseover=alert(123) b='; + + // We expect the id to be sanitized. + $expected = '
'; + $output = $this->post_grid_block->render( $malformed_attributes ); + + $this->assertEquals( $expected, $output ); + } +} From 42573459b63a34c64834d77fd8ceef4e5d8f6998 Mon Sep 17 00:00:00 2001 From: Bogdan Preda Date: Tue, 9 Apr 2024 13:41:10 +0300 Subject: [PATCH 03/18] chore: remove phpunit results cache from repo --- .phpunit.result.cache | 1 - 1 file changed, 1 deletion(-) delete mode 100644 .phpunit.result.cache diff --git a/.phpunit.result.cache b/.phpunit.result.cache deleted file mode 100644 index 1347ab99b..000000000 --- a/.phpunit.result.cache +++ /dev/null 
@@ -1 +0,0 @@ -{"version":1,"defects":{"TestBlockConditions::test_hide_css_desktop_condition":3,"TestPatterns::test_fetch_patterns":4,"TestPostGridBlock::test_render_sanitization":4,"TestStripeAPI::test_retrieve_products":4,"TestStripeAPI::test_retrieve_prices":4,"TestStripeAPI::test_retrieve_product":4,"TestStripeAPI::test_retrieve_price":4,"TestStripeAPI::test_retrieve_session_email":4,"TestStripeAPI::test_user_purchase":4,"TestStripeAPI::test_status_for_price_id":4,"Test_PostGridBlock::test_render_sanitization":4},"times":{"TestBlockConditions::test_logged_in_user_on_login":0.042,"TestBlockConditions::test_logged_in_user_on_logout":0.026,"TestBlockConditions::test_logged_out_user_on_login":0.041,"TestBlockConditions::test_logged_out_user_on_logout":0.045,"TestBlockConditions::test_user_roles_has_role":0.036,"TestBlockConditions::test_user_roles_does_not_have_role":0.036,"TestBlockConditions::test_post_type":0.039,"TestBlockConditions::test_post_type_on_invalid":0.041,"TestBlockConditions::test_post_category":0.035,"TestBlockConditions::test_post_category_on_invalid":0.028,"TestBlockConditions::test_logged_in_user_meta":0.027,"TestBlockConditions::test_logged_in_user_meta_invalid":0.031,"TestBlockConditions::test_post_meta":0.028,"TestBlockConditions::test_post_meta_invalid":0.03,"TestBlockConditions::test_date_range":0.028,"TestBlockConditions::test_date_range_invalid":0.029,"TestBlockConditions::test_date_recurring":0.026,"TestBlockConditions::test_multiple_conditions":0.028,"TestBlockConditions::test_multiple_conditions__with_one_invalid":0.032,"TestBlockConditions::test_multiple_conditions_with_all_invalid":0.033,"TestBlockConditions::test_or_collection":0.029,"TestBlockConditions::test_or_collection_invalid":0.032,"TestBlockConditions::test_hide_css_desktop_condition":0.039,"TestCSS::test_css_simple":0.001,"TestCSS::test_css_defaults":0,"TestCSS::test_css_format":0,"TestCSS::test_css_condition":0.002,"TestCSS::test_css_pattern":0,"TestCSS::test_render_box":0,
"TestDynamicContent::test_post_id":0.028,"TestDynamicContent::test_post_type":0.035,"TestDynamicContent::test_post_title":0.032,"TestDynamicContent::test_post_status":0.031,"TestDynamicContent::test_post_content":0.033,"TestDynamicContent::test_post_excerpt":0.035,"TestDynamicContent::test_post_date":0.024,"TestDynamicContent::test_post_time":0.037,"TestDynamicContent::test_post_terms":0.037,"TestDynamicContent::test_post_meta":0.037,"TestDynamicContent::test_acf":0.032,"TestDynamicContent::test_site_title":0.032,"TestDynamicContent::test_site_tagline":0.031,"TestDynamicContent::test_author_name":0.034,"TestDynamicContent::test_author_description":0.03,"TestDynamicContent::test_author_meta":0.035,"TestDynamicContent::test_logged_in_user_name":0.037,"TestDynamicContent::test_logged_in_user_description":0.037,"TestDynamicContent::test_logged_in_user_email":0.034,"TestDynamicContent::test_logged_in_user_meta":0.036,"TestDynamicContent::test_archive_title":0.041,"TestDynamicContent::test_archive_description":0.029,"TestDynamicContent::test_date":0.039,"TestDynamicContent::test_time":0.042,"TestDynamicContent::test_query_string":0.036,"TestDynamicContent::test_country":0.036,"TestDynamicContent::test_post_id_evaluation":0.034,"TestDynamicContent::test_post_type_evaluation":0.037,"TestDynamicContent::test_post_title_evaluation":0.037,"TestDynamicContent::test_post_status_evaluation":0.037,"TestDynamicContent::test_post_content_evaluation":0.044,"TestDynamicContent::test_post_excerpt_evaluation":0.037,"TestDynamicContent::test_logged_in_user_name_evaluation":0.037,"TestDynamicContent::test_logged_in_user_description_evaluation":0.037,"TestDynamicContent::test_logged_in_user_email_evaluation":0.034,"TestDynamicContent::test_date_evaluation":0.033,"TestDynamicContent::test_time_evaluation":0.034,"TestDynamicContent::test_author_name_evaluation":0.037,"TestDynamicContent::test_author_description_evaluation":0.033,"TestDynamicContent::test_multiple_dynamic_content_queries":0.0
33,"TestDynamicContent::test_multiple_dynamic_content_queries_on_long_content":0.063,"TestPatterns::test_fetch_patterns":0.002,"TestStripeAPI::test_retrieve_products":0.06,"TestStripeAPI::test_retrieve_prices":0.003,"TestStripeAPI::test_retrieve_product":0.001,"TestStripeAPI::test_retrieve_price":0.002,"TestStripeAPI::test_retrieve_session_email":0.003,"TestStripeAPI::test_user_purchase":0.003,"TestStripeAPI::test_status_for_price_id":0.002,"TestBlockConditions::test_hide_css_tablet_condition":0.036,"TestBlockConditions::test_hide_css_mobile_condition":0.031,"TestBlockConditions::test_hide_css_all_condition":0.033,"TestBlockConditions::test_get_css_hide_condition":0.033,"TestBlockConditions::test_get_css_hide_condition_no_hide":0.031,"TestBlockConditions::test_load_condition_hide_on_styles":0.033,"TestPostGridBlock::test_render_sanitization":0.001,"Test_PostGridBlock::test_render_sanitization":0.011,"Test_Post_Grid_Block::test_render_sanitization":0.002}} \ No newline at end of file From c791a53d483bd930810a4a40bffbc680232e8380 Mon Sep 17 00:00:00 2001 From: Bogdan Preda Date: Tue, 9 Apr 2024 13:49:14 +0300 Subject: [PATCH 04/18] chore: added build step to phunit ci job --- .github/workflows/test-php.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/test-php.yml b/.github/workflows/test-php.yml index 3fdd05842..d45303e8c 100644 --- a/.github/workflows/test-php.yml +++ b/.github/workflows/test-php.yml @@ -103,6 +103,10 @@ jobs: run: | npm ci + - name: npm run build + run: | + npm run build + - name: Setup WP Env run: | npm run test:unit:php:setup From 7d461248f08b68369975de16a1f62cc53e7173f5 Mon Sep 17 00:00:00 2001 From: Bogdan Preda Date: Tue, 9 Apr 2024 15:12:29 +0300 Subject: [PATCH 05/18] chore: remove extra imports --- tests/bootstrap.php | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tests/bootstrap.php b/tests/bootstrap.php index b7dd3b58d..7cb62fd36 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php 
@@ -34,11 +34,6 @@ function _manually_load_plugin() {
 }
 require dirname( dirname( __FILE__ ) ) . '/tests/stripe-http-client-mock.php';
-//require dirname( dirname( __FILE__ ) ) . '/inc/css/class-css-utility.php';
-//require dirname( dirname( __FILE__ ) ) . '/inc/plugins/class-block-conditions.php';
-//require dirname( dirname( __FILE__ ) ) . '/inc/plugins/class-dynamic-content.php';
-//require dirname( dirname( __FILE__ ) ) . '/plugins/otter-pro/inc/plugins/class-block-conditions.php';
-//require dirname( dirname( __FILE__ ) ) . '/plugins/otter-pro/inc/plugins/class-dynamic-content.php';
 activate_plugin( 'otter-blocks/otter-blocks.php' );
 global $current_user;
From dfeaf1463fdbb621432760802400a73ebe5366b9 Mon Sep 17 00:00:00 2001 From: Bogdan Preda Date: Tue, 9 Apr 2024 15:13:15 +0300 Subject: [PATCH 06/18] fix: sanitization of uploaded svg --- inc/class-main.php | 101 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+)
diff --git a/inc/class-main.php b/inc/class-main.php
index 57a8a2720..f25c67ed2 100644
--- a/inc/class-main.php
+++ b/inc/class-main.php
@@ -7,6 +7,7 @@
 namespace ThemeIsle\GutenbergBlocks;
+use enshrined\svgSanitize\Sanitizer;
 use ThemeIsle\GutenbergBlocks\Plugins\LimitedOffers;
 use ThemeIsle\GutenbergBlocks\Server\Dashboard_Server;
@@ -40,6 +41,7 @@ public function init() {
 if ( ! function_exists( 'is_wpcom_vip' ) ) {
 add_filter( 'upload_mimes', array( $this, 'allow_meme_types' ), PHP_INT_MAX ); // phpcs:ignore WordPressVIPMinimum.Hooks.RestrictedHooks.upload_mimes
+ add_filter( 'wp_handle_upload_prefilter', array( $this, 'check_svg_and_sanitize' ) );
 add_filter( 'wp_check_filetype_and_ext', array( $this, 'fix_mime_type_json_svg' ), 75, 3 );
 add_filter( 'wp_generate_attachment_metadata', array( $this, 'generate_svg_attachment_metadata' ), PHP_INT_MAX, 2 );
 }
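Review bot: The new `add_filter( 'wp_handle_upload_prefilter', ... )` is placed inside the same `! function_exists( 'is_wpcom_vip' )` guard as the `upload_mimes` filter, which is the correct coupling, but nothing records it; a comment such as `// Keep paired with allow_meme_types(): wherever this plugin enables SVG uploads, every upload must pass through check_svg_and_sanitize().` guards against one line being moved without the other. `use enshrined\svgSanitize\Sanitizer;` assumes the Composer package is shipped and autoloaded in the built plugin, not only in the dev tree; no composer.json or vendor change is part of this patch, so that is worth confirming, as a missing class would surface only as a fatal error on the first SVG upload. The enclosing `init()` method begins outside the hunk.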
@@ -358,6 +360,105 @@ public function allow_meme_types( $mimes ) {
 return $mimes;
 }
+ /**
+ * Check if the file is an SVG, if so handle appropriately
+ *
+ * @param array $file An array of data for a single file.
+ *
+ * @return mixed
+ */
+ public function check_svg_and_sanitize( $file ) {
+ // Ensure we have a proper file path before processing
+ if ( ! isset( $file['tmp_name'] ) ) {
+ return $file;
+ }
+
+ $file_name = isset( $file['name'] ) ? $file['name'] : '';
+ $wp_filetype = wp_check_filetype_and_ext( $file['tmp_name'], $file_name );
+ $type = ! empty( $wp_filetype['type'] ) ? $wp_filetype['type'] : '';
+
+ if ( 'image/svg+xml' === $type ) {
+ if ( ! current_user_can( 'upload_files' ) ) {
+ $file['error'] = __(
+ 'Sorry, you are not allowed to upload files.',
+ 'otter-blocks'
+ );
+
+ return $file;
+ }
+
+ if ( ! $this->sanitize_svg( $file['tmp_name'] ) ) {
+ $file['error'] = __(
+ "Sorry, this file couldn't be sanitized so for security reasons wasn't uploaded",
+ 'otter-blocks'
+ );
+ }
+ }
+
+ return $file;
+ }
+
+ /**
+ * Sanitize the SVG
+ *
+ * @param string $file Temp file path.
+ *
+ * @return bool|int
+ */
+ protected function sanitize_svg( $file ) {
+ $dirty = file_get_contents( $file ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents
+
+ // Is the SVG gzipped? If so we try and decode the string
+ $is_zipped = $this->is_gzipped( $dirty );
+ if ( $is_zipped && ( ! function_exists( 'gzdecode' ) || ! function_exists( 'gzencode' ) ) ){
+ return false;
+ }
+
+ if ( $is_zipped ) {
+ $dirty = gzdecode( $dirty );
+
+ // If decoding fails, bail as we're not secure
+ if ( false === $dirty ) {
+ return false;
+ }
+ }
+
+ $sanitizer = new Sanitizer();
+ $clean = $sanitizer->sanitize( $dirty );
+
+ if ( false === $clean ) {
+ return false;
+ }
+
+ // If we were gzipped, we need to re-zip
+ if ( $is_zipped ) {
+ $clean = gzencode( $clean );
+ }
+
+ file_put_contents( $file, $clean ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_file_put_contents
+
+ return true;
+ }
+
+ /**
+ * Check if the contents are gzipped
+ *
+ * @see http://www.gzip.org/zlib/rfc-gzip.html#member-format
+ *
+ * @param string $contents Content to check.
+ *
+ * @return bool
+ */
+ protected function is_gzipped( $contents ) {
+ // phpcs:disable Generic.Strings.UnnecessaryStringConcat.Found
+ if ( function_exists( 'mb_strpos' ) ) {
+ return 0 === mb_strpos( $contents, "\x1f" . "\x8b" . "\x08" );
+ } else {
+ return 0 === strpos( $contents, "\x1f" . "\x8b" . "\x08" );
+ }
+ // phpcs:enable
+ }
+
 /**
 * Allow JSON uploads
 *
From 3072542fbd462e22035c5aa937e3cedb49c08218 Mon Sep 17 00:00:00 2001 From: Bogdan Preda Date: Tue, 9 Apr 2024 16:57:55 +0300 Subject: [PATCH 07/18] chore: code style --- inc/class-main.php | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/inc/class-main.php b/inc/class-main.php
index f25c67ed2..7b3fd2088 100644
--- a/inc/class-main.php
+++ b/inc/class-main.php
@@ -368,7 +368,7 @@ public function allow_meme_types( $mimes ) {
 * @return mixed
 */
 public function check_svg_and_sanitize( $file ) {
- // Ensure we have a proper file path before processing
+ // Ensure we have a proper file path before processing.
 if ( ! isset( $file['tmp_name'] ) ) {
 return $file;
 }
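Review bot: `sanitize_svg()` returns `true` without checking `file_put_contents( $file, $clean )`, so if writing the cleaned content fails the unsanitized temp file is left in place and `check_svg_and_sanitize()` attaches no error; the unchecked `file_get_contents( $file )` at the top has the same shape, passing `false` on to `is_gzipped()` and the sanitizer instead of returning early. `is_gzipped()` tests a three-byte binary prefix, for which byte-wise `strpos` is the right tool and `mb_strpos` is not (it reads the buffer in the configured multibyte encoding), so the `function_exists( 'mb_strpos' )` branch should go. `gzdecode( $dirty )` inflates attacker-controlled data with no bound; its second `max_length` argument caps the decoded output and is a cheap guard against decompression bombs, with the cap tied to the upload size limit the site already enforces. The docblock's `@return bool|int` does not match the body, which only returns booleans. The next patch's code-style hunk rewrites these same lines and carries all of this forward unchanged.
```php
	protected function sanitize_svg( $file ) {
		$dirty = file_get_contents( $file ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents
		// An unreadable temp file cannot be sanitized, so refuse it.
		if ( false === $dirty ) {
			return false;
		}

		// … unchanged: gzip detection, gzdecode, Sanitizer call, gzencode …

		// A failed write must not let the original, unsanitized temp file through.
		return false !== file_put_contents( $file, $clean ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_file_put_contents
	}

	protected function is_gzipped( $contents ) {
		// Byte-wise on purpose: the gzip magic number is binary, not text.
		return 0 === strpos( $contents, "\x1f\x8b\x08" );
	}
```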
@@ -406,36 +406,38 @@ public function check_svg_and_sanitize( $file ) {
 * @return bool|int
 */
 protected function sanitize_svg( $file ) {
- $dirty = file_get_contents( $file ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents
+ // We can ignore the phpcs warning here as we're reading and writing to the Temp file.
+ $dirty = file_get_contents( $file ); // phpcs:ignore
- // Is the SVG gzipped? If so we try and decode the string
+ // Is the SVG gzipped? If so we try and decode the string.
 $is_zipped = $this->is_gzipped( $dirty );
- if ( $is_zipped && ( ! function_exists( 'gzdecode' ) || ! function_exists( 'gzencode' ) ) ){
+ if ( $is_zipped && ( ! function_exists( 'gzdecode' ) || ! function_exists( 'gzencode' ) ) ) {
 return false;
 }
 if ( $is_zipped ) {
 $dirty = gzdecode( $dirty );
- // If decoding fails, bail as we're not secure
+ // If decoding fails, bail as we're not secure.
 if ( false === $dirty ) {
 return false;
 }
 }
- $sanitizer = new Sanitizer();
- $clean = $sanitizer->sanitize( $dirty );
+ $sanitizer = new Sanitizer();
+ $clean = $sanitizer->sanitize( $dirty );
 if ( false === $clean ) {
 return false;
 }
- // If we were gzipped, we need to re-zip
+ // If we were gzipped, we need to re-zip.
 if ( $is_zipped ) {
 $clean = gzencode( $clean );
 }
- file_put_contents( $file, $clean ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_read_file_put_contents
+ // We can ignore the phpcs warning here as we're reading and writing to the Temp file.
+ file_put_contents( $file, $clean ); // phpcs:ignore
 return true;
 }
From cf3554c5b9150c492fab3f220d6e7c961c01509a Mon Sep 17 00:00:00 2001
From: Bogdan Preda Date: Tue, 9 Apr 2024 17:46:57 +0300 Subject: [PATCH 08/18] chore: added unit test --- .gitignore | 1 + .phpunit.result.cache | 2 +- tests/assets/xss.svg | 14 +++++++++++ tests/test-svg-upload.php | 52 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 tests/assets/xss.svg create mode 100644 tests/test-svg-upload.php
diff --git a/.gitignore b/.gitignore
index b9b0f397c..ecc1ec486 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,4 @@ trace.json
 license.json
 .phpunit.result.cache
 .fleet
+tests/assets/*_tmp
diff --git a/.phpunit.result.cache b/.phpunit.result.cache
index 7480da8ec..e524b65bf 100644
--- a/.phpunit.result.cache
+++ b/.phpunit.result.cache
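Review bot: `.phpunit.result.cache` is already listed in `.gitignore` (it is a context line of this hunk), yet this same commit carries a diff for that file, so it is still tracked and the ignore entry has no effect; patch 03 of this series deleted it, so it appears to have come back in between. `git rm --cached .phpunit.result.cache` drops it from the index so the ignore rule takes over. The new `tests/assets/*_tmp` pattern presumably covers the temporary copies that `tests/test-svg-upload.php` makes of its fixtures; a trailing `# scratch copies written by tests/test-svg-upload.php` comment would say so.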
@@ -1 +1 @@ -{"version":1,"defects":{"TestBlockConditions::test_hide_css_desktop_condition":3},"times":{"TestBlockConditions::test_logged_in_user_on_login":0.034,"TestBlockConditions::test_logged_in_user_on_logout":0.023,"TestBlockConditions::test_logged_out_user_on_login":0.028,"TestBlockConditions::test_logged_out_user_on_logout":0.028,"TestBlockConditions::test_user_roles_has_role":0.028,"TestBlockConditions::test_user_roles_does_not_have_role":0.028,"TestBlockConditions::test_post_type":0.028,"TestBlockConditions::test_post_type_on_invalid":0.028,"TestBlockConditions::test_post_category":0.028,"TestBlockConditions::test_post_category_on_invalid":0.028,"TestBlockConditions::test_logged_in_user_meta":0.028,"TestBlockConditions::test_logged_in_user_meta_invalid":0.03,"TestBlockConditions::test_post_meta":0.029,"TestBlockConditions::test_post_meta_invalid":0.029,"TestBlockConditions::test_date_range":0.029,"TestBlockConditions::test_date_range_invalid":0.029,"TestBlockConditions::test_date_recurring":0.029,"TestBlockConditions::test_multiple_conditions":0.03,"TestBlockConditions::test_multiple_conditions__with_one_invalid":0.029,"TestBlockConditions::test_multiple_conditions_with_all_invalid":0.029,"TestBlockConditions::test_or_collection":0.029,"TestBlockConditions::test_or_collection_invalid":0.03,"TestBlockConditions::test_hide_css_desktop_condition":0.03,"TestCSS::test_css_simple":0,"TestCSS::test_css_defaults":0,"TestCSS::test_css_format":0,"TestCSS::test_css_condition":0.002,"TestCSS::test_css_pattern":0,"TestCSS::test_render_box":0,"TestDynamicContent::test_post_id":0.029,"TestDynamicContent::test_post_type":0.026,"TestDynamicContent::test_post_title":0.025,"TestDynamicContent::test_post_status":0.028,"TestDynamicContent::test_post_content":0.028,"TestDynamicContent::test_post_excerpt":0.028,"TestDynamicContent::test_post_date":0.032,"TestDynamicContent::test_post_time":0.032,"TestDynamicContent::test_post_terms":0.028,"TestDynamicContent::test_post_meta":0.0
29,"TestDynamicContent::test_acf":0.028,"TestDynamicContent::test_site_title":0.028,"TestDynamicContent::test_site_tagline":0.029,"TestDynamicContent::test_author_name":0.028,"TestDynamicContent::test_author_description":0.029,"TestDynamicContent::test_author_meta":0.028,"TestDynamicContent::test_logged_in_user_name":0.029,"TestDynamicContent::test_logged_in_user_description":0.028,"TestDynamicContent::test_logged_in_user_email":0.028,"TestDynamicContent::test_logged_in_user_meta":0.028,"TestDynamicContent::test_archive_title":0.028,"TestDynamicContent::test_archive_description":0.029,"TestDynamicContent::test_date":0.028,"TestDynamicContent::test_time":0.028,"TestDynamicContent::test_query_string":0.028,"TestDynamicContent::test_country":0.028,"TestDynamicContent::test_post_id_evaluation":0.028,"TestDynamicContent::test_post_type_evaluation":0.029,"TestDynamicContent::test_post_title_evaluation":0.03,"TestDynamicContent::test_post_status_evaluation":0.035,"TestDynamicContent::test_post_content_evaluation":0.033,"TestDynamicContent::test_post_excerpt_evaluation":0.029,"TestDynamicContent::test_logged_in_user_name_evaluation":0.028,"TestDynamicContent::test_logged_in_user_description_evaluation":0.027,"TestDynamicContent::test_logged_in_user_email_evaluation":0.029,"TestDynamicContent::test_date_evaluation":0.028,"TestDynamicContent::test_time_evaluation":0.027,"TestDynamicContent::test_author_name_evaluation":0.028,"TestDynamicContent::test_author_description_evaluation":0.029,"TestDynamicContent::test_multiple_dynamic_content_queries":0.03,"TestDynamicContent::test_multiple_dynamic_content_queries_on_long_content":0.05,"TestPatterns::test_fetch_patterns":0.475,"TestStripeAPI::test_retrieve_products":0.053,"TestStripeAPI::test_retrieve_prices":0.002,"TestStripeAPI::test_retrieve_product":0.001,"TestStripeAPI::test_retrieve_price":0.001,"TestStripeAPI::test_retrieve_session_email":0.001,"TestStripeAPI::test_user_purchase":0.001,"TestStripeAPI::test_status_for_price_i
d":0.001,"TestBlockConditions::test_hide_css_tablet_condition":0.028,"TestBlockConditions::test_hide_css_mobile_condition":0.029,"TestBlockConditions::test_hide_css_all_condition":0.028,"TestBlockConditions::test_get_css_hide_condition":0.03,"TestBlockConditions::test_get_css_hide_condition_no_hide":0.028}} \ No newline at end of file +{"version":1,"defects":{"TestBlockConditions::test_hide_css_desktop_condition":3},"times":{"TestBlockConditions::test_logged_in_user_on_login":0.034,"TestBlockConditions::test_logged_in_user_on_logout":0.023,"TestBlockConditions::test_logged_out_user_on_login":0.028,"TestBlockConditions::test_logged_out_user_on_logout":0.028,"TestBlockConditions::test_user_roles_has_role":0.028,"TestBlockConditions::test_user_roles_does_not_have_role":0.028,"TestBlockConditions::test_post_type":0.028,"TestBlockConditions::test_post_type_on_invalid":0.028,"TestBlockConditions::test_post_category":0.028,"TestBlockConditions::test_post_category_on_invalid":0.028,"TestBlockConditions::test_logged_in_user_meta":0.028,"TestBlockConditions::test_logged_in_user_meta_invalid":0.03,"TestBlockConditions::test_post_meta":0.029,"TestBlockConditions::test_post_meta_invalid":0.029,"TestBlockConditions::test_date_range":0.029,"TestBlockConditions::test_date_range_invalid":0.029,"TestBlockConditions::test_date_recurring":0.029,"TestBlockConditions::test_multiple_conditions":0.03,"TestBlockConditions::test_multiple_conditions__with_one_invalid":0.029,"TestBlockConditions::test_multiple_conditions_with_all_invalid":0.029,"TestBlockConditions::test_or_collection":0.029,"TestBlockConditions::test_or_collection_invalid":0.03,"TestBlockConditions::test_hide_css_desktop_condition":0.03,"TestCSS::test_css_simple":0,"TestCSS::test_css_defaults":0,"TestCSS::test_css_format":0,"TestCSS::test_css_condition":0.002,"TestCSS::test_css_pattern":0,"TestCSS::test_render_box":0,"TestDynamicContent::test_post_id":0.029,"TestDynamicContent::test_post_type":0.026,"TestDynamicContent::test_
post_title":0.025,"TestDynamicContent::test_post_status":0.028,"TestDynamicContent::test_post_content":0.028,"TestDynamicContent::test_post_excerpt":0.028,"TestDynamicContent::test_post_date":0.032,"TestDynamicContent::test_post_time":0.032,"TestDynamicContent::test_post_terms":0.028,"TestDynamicContent::test_post_meta":0.029,"TestDynamicContent::test_acf":0.028,"TestDynamicContent::test_site_title":0.028,"TestDynamicContent::test_site_tagline":0.029,"TestDynamicContent::test_author_name":0.028,"TestDynamicContent::test_author_description":0.029,"TestDynamicContent::test_author_meta":0.028,"TestDynamicContent::test_logged_in_user_name":0.029,"TestDynamicContent::test_logged_in_user_description":0.028,"TestDynamicContent::test_logged_in_user_email":0.028,"TestDynamicContent::test_logged_in_user_meta":0.028,"TestDynamicContent::test_archive_title":0.028,"TestDynamicContent::test_archive_description":0.029,"TestDynamicContent::test_date":0.028,"TestDynamicContent::test_time":0.028,"TestDynamicContent::test_query_string":0.028,"TestDynamicContent::test_country":0.028,"TestDynamicContent::test_post_id_evaluation":0.028,"TestDynamicContent::test_post_type_evaluation":0.029,"TestDynamicContent::test_post_title_evaluation":0.03,"TestDynamicContent::test_post_status_evaluation":0.035,"TestDynamicContent::test_post_content_evaluation":0.033,"TestDynamicContent::test_post_excerpt_evaluation":0.029,"TestDynamicContent::test_logged_in_user_name_evaluation":0.028,"TestDynamicContent::test_logged_in_user_description_evaluation":0.027,"TestDynamicContent::test_logged_in_user_email_evaluation":0.029,"TestDynamicContent::test_date_evaluation":0.028,"TestDynamicContent::test_time_evaluation":0.027,"TestDynamicContent::test_author_name_evaluation":0.028,"TestDynamicContent::test_author_description_evaluation":0.029,"TestDynamicContent::test_multiple_dynamic_content_queries":0.03,"TestDynamicContent::test_multiple_dynamic_content_queries_on_long_content":0.05,"TestPatterns::test_fetch_p
atterns":0.475,"TestStripeAPI::test_retrieve_products":0.053,"TestStripeAPI::test_retrieve_prices":0.002,"TestStripeAPI::test_retrieve_product":0.001,"TestStripeAPI::test_retrieve_price":0.001,"TestStripeAPI::test_retrieve_session_email":0.001,"TestStripeAPI::test_user_purchase":0.001,"TestStripeAPI::test_status_for_price_id":0.001,"TestBlockConditions::test_hide_css_tablet_condition":0.028,"TestBlockConditions::test_hide_css_mobile_condition":0.029,"TestBlockConditions::test_hide_css_all_condition":0.028,"TestBlockConditions::test_get_css_hide_condition":0.03,"TestBlockConditions::test_get_css_hide_condition_no_hide":0.028,"Test_SVG_Upload::test_svg_upload":0.02}} \ No newline at end of file diff --git a/tests/assets/xss.svg b/tests/assets/xss.svg new file mode 100644 index 000000000..90b57ac94 --- /dev/null +++ b/tests/assets/xss.svg @@ -0,0 +1,14 @@ + + + + diff --git a/tests/test-svg-upload.php b/tests/test-svg-upload.php new file mode 100644 index 000000000..16e776e7a --- /dev/null +++ b/tests/test-svg-upload.php @@ -0,0 +1,52 @@ + $file, + 'type' => 'image/svg+xml', + 'tmp_name' => $tmp_path, + 'error' => 0, + 'size' => filesize( $file ), + ]; + } else { + throw new RuntimeException( 'Could not copy test file from ' . $file . ' to ' . $tmp_path ); + } + } + + public function test_svg_upload() { + // Set the user as the current user. + wp_set_current_user( 1 ); + + $main = new ThemeIsle\GutenbergBlocks\Main(); + $main->init(); + $file = $this->handle_upload( __DIR__ . '/assets/xss.svg' ); + $response = $main->check_svg_and_sanitize( $file ); + + // We check that no error was attached. + $this->assertTrue( empty( $response['error'] ) ); + + $contents = file_get_contents( $response['tmp_name'] ); + + // We check that the SVG was sanitized. + $this->assertTrue( strpos( $contents, '